Remote Code Execution Vulnerability in Cisco Prime Collaboration Provisioning Tool
CVE-2017-6792
6.5MEDIUM
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 7 September 2017
Summary
A vulnerability exists in the batch provisioning feature of Cisco Prime Collaboration Provisioning Tool that permits an authenticated remote attacker to overwrite critical system files with root privileges. This is attributed to insufficient input validation of parameters used in batch file name and directory settings. By manipulating the parameters during a batch action, an attacker can successfully execute arbitrary code and compromise the system's integrity. Organizations using the affected product should implement recommended security measures to mitigate risks.
Affected Version(s)
Cisco Prime Collaboration Provisioning Tool Cisco Prime Collaboration Provisioning Tool
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved